feat/Allow to map multiple subdomains on CloudRun main module (Google…

…CloudPlatform#72) Allow to add a list of subdomains on CloudRun main module Co-authored-by: Jamie Mitchell <95890357+mitchelljamie@users.noreply.github.com>
datadrivers · Oct 28, 2022 · 3916a1f · 3916a1f
1 parent 8eafe2d
commit 3916a1f
Show file tree

Hide file tree

Showing 11 changed files with 55 additions and 24 deletions.
diff --git a/README.md b/README.md
@@ -8,6 +8,17 @@ The resources/services/activations/deletions that this module will create/trigge
 * Creates Domain mapping for the deployed service
 * Applies Cloud Run Invoker role to members
 
+## Mapping custom domains and subdomains
+
+You can map multiple custom domains and subdomains to the same Cloud Run service. If you want to register a domain with Cloud Domains, see [Registering a domain with Cloud Domains within the Cloud Run console](https://cloud.google.com/run/docs/mapping-custom-domains#register-domain).
+
+To add a custom domain or subdomain to your Cloud Run service, you need to add the values to the `verified_domain_name` variable.
+
+Before you've mapped your service to a custom domain in Cloud Run, you need to update your DNS records at your domain registry.
+If you're using Cloud DNS as your DNS provider, see [Adding a record](https://cloud.google.com/dns/docs/records#adding_a_record).
+
+In case your DNS is not managed by Google Cloud Domains, the ownership of your domain needs to be verified adding a `txt record` on your DNS configuration. This verification can be done following the steps from [this documentation](https://cloud.google.com/identity/docs/verify-domain-txt).
+
 ## Assumptions and Prerequisites
 
 This module assumes that below mentioned prerequisites are in place before consuming the module.
@@ -65,7 +76,7 @@ module "cloud_run" {
 | template\_labels | A set of key/value label pairs to assign to the container metadata | `map(string)` | `{}` | no |
 | timeout\_seconds | Timeout for each request | `number` | `120` | no |
 | traffic\_split | Managing traffic routing to the service | <pre>list(object({<br>    latest_revision = bool<br>    percent         = number<br>    revision_name   = string<br>  }))</pre> | <pre>[<br>  {<br>    "latest_revision": true,<br>    "percent": 100,<br>    "revision_name": "v1-0-0"<br>  }<br>]</pre> | no |
-| verified\_domain\_name | Custom Domain Name | `string` | `""` | no |
+| verified\_domain\_name | List of Custom Domain Name | `list(string)` | `[]` | no |
 | volume\_mounts | [Beta] Volume Mounts to be attached to the container (when using secret) | <pre>list(object({<br>    mount_path = string<br>    name       = string<br>  }))</pre> | `[]` | no |
 | volumes | [Beta] Volumes needed for environment variables (when using secret) | <pre>list(object({<br>    name = string<br>    secret = set(object({<br>      secret_name = string<br>      items       = map(string)<br>    }))<br>  }))</pre> | `[]` | no |
 
@@ -82,6 +93,7 @@ module "cloud_run" {
 | service\_name | Name of the created service |
 | service\_status | Status of the created service |
 | service\_url | The URL on which the deployed service is available |
+| verified\_domain\_name | List of Custom Domain Name |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 

diff --git a/main.tf b/main.tf
@@ -123,10 +123,10 @@ resource "google_cloud_run_service" "main" {
 }
 
 resource "google_cloud_run_domain_mapping" "domain_map" {
-  count    = var.verified_domain_name != "" ? 1 : 0
+  for_each = toset(var.verified_domain_name)
   provider = google-beta
   location = google_cloud_run_service.main.location
-  name     = var.verified_domain_name
+  name     = each.value
   project  = google_cloud_run_service.main.project
 
   metadata {

diff --git a/modules/secure-cloud-run-core/README.md b/modules/secure-cloud-run-core/README.md
@@ -64,7 +64,7 @@ module "cloud_run_core" {
 | template\_labels | A set of key/value label pairs to assign to the container metadata. | `map(string)` | `{}` | no |
 | timeout\_seconds | Timeout for each request. | `number` | `120` | no |
 | traffic\_split | Managing traffic routing to the service. | <pre>list(object({<br>    latest_revision = bool<br>    percent         = number<br>    revision_name   = string<br>  }))</pre> | <pre>[<br>  {<br>    "latest_revision": true,<br>    "percent": 100,<br>    "revision_name": "v1-0-0"<br>  }<br>]</pre> | no |
-| verified\_domain\_name | Custom Domain Name. | `string` | `""` | no |
+| verified\_domain\_name | List of custom Domain Name. | `list(string)` | n/a | yes |
 | volume\_mounts | [Beta] Volume Mounts to be attached to the container (when using secret). | <pre>list(object({<br>    mount_path = string<br>    name       = string<br>  }))</pre> | `[]` | no |
 | volumes | [Beta] Volumes needed for environment variables (when using secret). | <pre>list(object({<br>    name = string<br>    secret = set(object({<br>      secret_name = string<br>      items       = map(string)<br>    }))<br>  }))</pre> | `[]` | no |
 | vpc\_connector\_id | VPC Connector id in the format projects/PROJECT/locations/LOCATION/connectors/NAME. | `string` | n/a | yes |

diff --git a/modules/secure-cloud-run-core/main.tf b/modules/secure-cloud-run-core/main.tf
@@ -38,11 +38,11 @@ module "cloud_run" {
   argument               = var.argument
   container_command      = var.container_command
   volume_mounts          = var.volume_mounts
-  verified_domain_name   = var.verified_domain_name
   force_override         = var.force_override
   certificate_mode       = var.certificate_mode
   domain_map_labels      = var.domain_map_labels
   domain_map_annotations = var.domain_map_annotations
+  verified_domain_name   = var.verified_domain_name
 
   service_annotations = {
     "run.googleapis.com/ingress" = "internal-and-cloud-load-balancing"

diff --git a/modules/secure-cloud-run-core/variables.tf b/modules/secure-cloud-run-core/variables.tf
@@ -266,9 +266,8 @@ variable "volume_mounts" {
 
 // Domain Mapping
 variable "verified_domain_name" {
-  description = "Custom Domain Name."
-  type        = string
-  default     = ""
+  description = "List of custom Domain Name."
+  type        = list(string)
 }
 
 variable "force_override" {

diff --git a/modules/secure-cloud-run/README.md b/modules/secure-cloud-run/README.md
@@ -90,6 +90,7 @@ module "secure_cloud_run" {
 | service\_name | Shared VPC name. | `string` | n/a | yes |
 | shared\_vpc\_name | Shared VPC name which is going to be re-used to create Serverless Connector. | `string` | n/a | yes |
 | subnet\_name | Subnet name to be re-used to create Serverless Connector. | `string` | `null` | no |
+| verified\_domain\_name | List of Custom Domain Name | `list(string)` | `[]` | no |
 | vpc\_project\_id | The host project for the shared vpc. | `string` | n/a | yes |
 
 ## Outputs

diff --git a/modules/secure-cloud-run/main.tf b/modules/secure-cloud-run/main.tf
@@ -119,17 +119,18 @@ module "cloud_run_security" {
 module "cloud_run_core" {
   source = "../secure-cloud-run-core"
 
-  service_name     = var.service_name
-  location         = var.location
-  project_id       = var.serverless_project_id
-  image            = var.image
-  cloud_run_sa     = var.cloud_run_sa
-  vpc_connector_id = module.cloud_run_network.connector_id
-  encryption_key   = module.cloud_run_security.key_self_link
-  domain           = var.domain
-  env_vars         = var.env_vars
-  members          = var.members
-  region           = var.region
+  service_name         = var.service_name
+  location             = var.location
+  project_id           = var.serverless_project_id
+  image                = var.image
+  cloud_run_sa         = var.cloud_run_sa
+  vpc_connector_id     = module.cloud_run_network.connector_id
+  encryption_key       = module.cloud_run_security.key_self_link
+  domain               = var.domain
+  env_vars             = var.env_vars
+  members              = var.members
+  region               = var.region
+  verified_domain_name = var.verified_domain_name
 
   depends_on = [
     module.serverless_project_apis,

diff --git a/modules/secure-cloud-run/variables.tf b/modules/secure-cloud-run/variables.tf
@@ -179,3 +179,10 @@ variable "resource_names_suffix" {
   type        = string
   default     = null
 }
+
+variable "verified_domain_name" {
+  type        = list(string)
+  description = "List of Custom Domain Name"
+  default     = []
+}
+
diff --git a/outputs.tf b/outputs.tf
@@ -50,11 +50,17 @@ output "service_status" {
 }
 
 output "domain_map_id" {
-  value       = google_cloud_run_domain_mapping.domain_map.*.id
+  value       = values(google_cloud_run_domain_mapping.domain_map)[*].id
   description = "Unique Identifier for the created domain map"
 }
 
 output "domain_map_status" {
-  value       = google_cloud_run_domain_mapping.domain_map.*.status
+  value       = values(google_cloud_run_domain_mapping.domain_map)[*].status
   description = "Status of Domain mapping"
 }
+
+output "verified_domain_name" {
+  value       = values(google_cloud_run_domain_mapping.domain_map)[*].name
+  description = "List of Custom Domain Name"
+}
+
diff --git a/test/setup/outputs.tf b/test/setup/outputs.tf
@@ -26,3 +26,8 @@ output "sa_key" {
   value     = google_service_account_key.int_test.private_key
   sensitive = true
 }
+
+output "verified_domain_name" {
+  value = []
+}
+
diff --git a/variables.tf b/variables.tf
@@ -194,9 +194,9 @@ variable "volume_mounts" {
 
 // Domain Mapping
 variable "verified_domain_name" {
-  type        = string
-  description = "Custom Domain Name"
-  default     = ""
+  type        = list(string)
+  description = "List of Custom Domain Name"
+  default     = []
 }
 
 variable "force_override" {